Looking for Low Power Budget Build Suggestions (BC, Canada)
-
I used to have an old IBM server that was big, power hungry (~350W) and loud. I was running pfSense as a VM and it was fine, however I could no longer justify it, so I sold it and reverted to using my ISP's supplied modem/router.
My requirements:
- Low power: 15W -ish? I don't want an old PC eating power and spewing out heat
- Bandwidth support: Min: 200Mbps, though some some room for growth would be nice. 300/300 Mbps plans are on the horizon in my area.
- Form factor: I'm flexible, but smaller would be better. Network rackmount is OK (~12" deep max)
- Price: Ideally under $200 CAD all in
- AES-NI / pfSense 2.5 compatible
- OpenVPN: I'd use it, but not for anything beyond light remote access.
Options:
- Espresso.bin - looks good, bug no ETA on support
- APU2C2/APU2C4 - is this still a good option?
- ???
-
I've had good luck with the Zotac CI323 Nano. The updated model is the CI327 Nano. However, while it looks like you can get either one of those for US$150 in the states, amazon.ca and newegg.ca both list them for just over CAD$200. And you need to add RAM and a hard drive. I've been running with only a 4GB stick of RAM and a 32GB SSD, and I run with 3 concurrent VPN client tunnels, Snort, and pfBlockerNG. So you could plausibly still stay under CAD$300 maybe. These Zotac boxes do use Realtek NICs though, so you'd also need to use the official Realtek driver:
https://forum.netgate.com/topic/92884/zotac-zbox-ci323-nano/111There may yet be better and cheaper options; I can only speak to my personal experience.
-
Thanks for the reply. Definitely worth considering the Zotac if nothing else turns up.
-
@strigona Am running an often maligned (everybody has an opinion) MiniSys 4 port, cheapest from AlliExpress, I've seen under usd$200, add your own SSD+Ram. 10 WATTS! and a side benefit NO FAN, although it does run a little warm (50c idle) but if u have fan-ed rack it should be fine, be sure to get the AES-NI ready, Intel NICs favored by Pfsense. You maybe able to get away with it looking for a used Atom-class, 300+ Passmark fine, from eBay. Just don't buy anything proprietary, Pfsense loads on any standard PC box fine.
-
I like the Qotom boxes myself, especially the i3 which has AES-NI and uses Intel NICs.
-
@rnatalli until they fail.
I have just replaced my current system (n54l) with an i7 4770 with multiple intel pcie nics 80+ PSU so its low power with way more grunt than I will ever need.My current system CPU is always above 60% and 8gb out of 16gb ram usage. that's without snort or vpn active.
edit. around 300aud
-
@SLIMaxPower Curious what package you are running to have 60% load on i7. From experience, the cpu intensive application is ips/ids (Snort,Suricate) and VPN.
-
@mdahal Sorry I was talking about the N54l with 16gb ecc and intel nics. I am running a large list through pfblockrng, plus snort (not actively blocking), schedules (which don't block udp - apparently fixed in 2.5+, plus some less intensive options.
The QotoM and PFsense etc appliances are fine for basic/intermediate stuff. Packages should be run off other clients/vm's to take use of performance.
The i7 will not even struggle even with 6 intel nic's - still deciding on how much ram I should jam in it though.
To me it's a an investment for something I know will run for years and is generally cheap on power once configured, and easy to replace if your a smart.
-
@slimaxpower said in Looking for Low Power Budget Build Suggestions (BC, Canada):
schedules (which don't block udp - apparently fixed in 2.5+
Hmm, I'm not aware of that. Is there a bug open/resolved for that? I don't see one. And do you mean in 2.4.4?
Steve
-
@stephenw10 If you check the firewall/schedule thread your will find many users with complaints about traffic not getting cut off when schedules expire. udp traffic seems to be the main culprit.
-
@stephenw10 said in Looking for Low Power Budget Build Suggestions (BC, Canada):
Hmm, I'm not aware of that. Is there a bug open/resolved for that? I don't see one. And do you mean in 2.4.4?
Blocking scheduling not quite working and https://redmine.pfsense.org/issues/8820
Some issue with "pfctl" ....
This issue isn't a goal for the upcoming "2.4.4" ( https://redmine.pfsense.org/projects/pfsense/issues?fixed_version_id=46&set_filter=1&status_id=o ) -
@gertjan that is only part of the problem. even after manually resetting the states udp reconnects.
-
@slimaxpower said in Looking for Low Power Budget Build Suggestions (BC, Canada):
@rnatalli until they fail.
I have just replaced my current system (n54l) with an i7 4770 with multiple intel pcie nics 80+ PSU so its low power with way more grunt than I will ever need.My current system CPU is always above 60% and 8gb out of 16gb ram usage. that's without snort or vpn active.
edit. around 300aud
Hi @SLIMaxPower would it be possible to get some more details of your build please? I'm also in Australia, finding it hard to put together something low-power for around the $300 level that would suit.
Thanks!